--have the server reject commits that have the 'committer' set to
someone other then the authenticated user
but I don't know how to do that?
Our central repository is hosted by apache, and there are some
username and passwords saved by apache to authentication valid user,
but as I know, there are no relation between the apache username and
the git client user ino (saved in .gitconfig), so can you describe
On Thu, Jan 31, 2013 at 1:56 PM, Andrew Ardill <andrew.ard...@gmail.com> wrote:
> On 31 January 2013 16:52, Scott Yan <scottya...@gmail.com> wrote:
>> The user info of git client (user name and email) is set by the users
>> themselves, so , how to avoid userA pretend to be userB?
>> Git server could authentication the user, but it do nothing about the
>> user info of commit message.
> The simplest thing is to have the server reject commits that have the
> 'committer' set to someone other then the authenticated user.
> Of course, there are potential workflows that this would cause problems for,
> such as if you sync directly to another user's repository and then try and
> push those to a central server.
> The most robust system would probably involve using signed tags to verify
> what is being pushed, however I am not aware of any set-ups that have done
> this yet.
> Andrew Ardill
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html